As stated in the question title. However, I am using a "trick" where i store extra data after the executable to be used at runtime (see here).
Signing my executable appears to break this 'trick' however, so my question is where is the signature stored in the exe (PE) file?
I am usingsigntool from microsoft to sign my executable.
An embedded digital signature is always appended to the end of the executable file, whether or not you have custom data attached to it. The attached data is included in the hash of the signature.
The location and size of the signature is stored in the security directory of the PE header. Extracting that information goes like this:
IMAGE_OPTIONAL_HEADER of the PE file.IMAGE_OPTIONAL_HEADER::DataDirectory is an array of IMAGE_DATA_DIRECTORY structures. Index it by IMAGE_DIRECTORY_ENTRY_SECURITY (undocumented but declared in winnt.h) to locate the entry of the security directory. IMAGE_DATA_DIRECTORY::VirtualAddress contains the file offset (not the RVA) of the signature and IMAGE_DATA_DIRECTORY::Size contains the size of the signature.References:
The format of a signed PE file is documented by Microsoft:
Windows Authenticode Portable Executable Signature Format
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 狗以群分 的文章《Where is the digital signature stored when code si》','https://www.manongdao.com/article-700389.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}